#!/bin/bash

log-debug "creating admin registration entry on server a..."
docker compose exec -T spire-server-a \
    /opt/spire/bin/spire-server entry create \
    -parentID "spiffe://domain-a.test/spire/agent/x509pop/$(fingerprint conf/domain-a/agent/agent.crt.pem)" \
    -spiffeID "spiffe://domain-a.test/admin" \
    -selector "unix:uid:1001" \
    -admin \
    -x509SVIDTTL 0
check-synced-entry "spire-agent-a" "spiffe://domain-a.test/admin"

log-debug "creating foreign admin registration entry..."
docker compose exec -T spire-server-b \
    /opt/spire/bin/spire-server entry create \
    -parentID "spiffe://domain-b.test/spire/agent/x509pop/$(fingerprint conf/domain-b/agent/agent.crt.pem)" \
    -spiffeID "spiffe://domain-b.test/admin" \
    -selector "unix:uid:1003" \
    -federatesWith "spiffe://domain-a.test" \
    -x509SVIDTTL 0
check-synced-entry "spire-agent-b" "spiffe://domain-b.test/admin"

log-debug "creating regular registration entry..."
docker compose exec -T spire-server-a \
    /opt/spire/bin/spire-server entry create \
    -parentID "spiffe://domain-a.test/spire/agent/x509pop/$(fingerprint conf/domain-a/agent/agent.crt.pem)" \
    -spiffeID "spiffe://domain-a.test/workload" \
    -selector "unix:uid:1002" \
    -x509SVIDTTL 0
check-synced-entry "spire-agent-a" "spiffe://domain-a.test/workload"
